ある組織は、新しいテクノロジーを導入し、その新機能を戦略的ビジネス プランに組み込むことを決定しました。テクノロジーのビジネス オペレーションはアウトソーシングされます。変更中のリスク管理担当者の主な役割は何でしょうか。
正解:A
The risk practitioner's primary role during the change is to manage the third-party risk, as this involves identifying, assessing, and mitigating the risks associated with outsourcing the business operations for the emerging technology. The risk practitioner should ensure that the third-party provider has the necessary capabilities, security, and compliance to deliver the expected outcomes and meet the contractual obligations.
The risk practitioner should also monitor the performance and service levels of the third-party provider and report any issues or incidents. Developing risk scenarios, managing the threat landscape, and updating risk appetite are all important activities for the risk practitioner, but they are not the primary role during the change. Developing risk scenarios is a technique for identifying and analyzing potential risk events and their impacts. Managing the threat landscape is a process of identifying and responding to the external and internal threats that may affect the organization. Updating risk appetite is a decision that reflects the organization's willingness to accept or avoid risk in pursuit of its objectives. References = Risk and Information Systems Control Study Manual, Chapter 2: IT Risk Identification, page 48.